diff options
| author | Dmitry V. Levin <ldv@altlinux.org> | 2022-07-15 08:00:00 +0000 |
|---|---|---|
| committer | Dmitry V. Levin <ldv@altlinux.org> | 2022-07-15 08:00:00 +0000 |
| commit | 37b47c08ce9127e23bc26a79c2f715daf8466f50 (patch) | |
| tree | f203d24fe45fcb860e5688e6435c4a54010854c7 /libpam/pam_handlers.c | |
| parent | 31645f4830162a3dd49513b74a5e56f40777e98c (diff) | |
| download | pam-37b47c08ce9127e23bc26a79c2f715daf8466f50.tar.gz pam-37b47c08ce9127e23bc26a79c2f715daf8466f50.tar.bz2 pam-37b47c08ce9127e23bc26a79c2f715daf8466f50.zip | |
_pam_add_handler: make sure struct handler is properly initialized on error path
* libpam/pam_handlers.c (_pam_add_handler): Use calloc instead of malloc
for struct handler allocation to avoid returning garbage in some fields
of the structure on error path.
Resolves: https://github.com/linux-pam/linux-pam/issues/475
Diffstat (limited to 'libpam/pam_handlers.c')
| -rw-r--r-- | libpam/pam_handlers.c | 14 |
1 files changed, 4 insertions, 10 deletions
diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c index ffa5e4ae..12ebb8fc 100644 --- a/libpam/pam_handlers.c +++ b/libpam/pam_handlers.c @@ -889,8 +889,8 @@ int _pam_add_handler(pam_handle_t *pamh handler_p = &((*handler_p)->next); } - if ((*handler_p = malloc(sizeof(struct handler))) == NULL) { - pam_syslog(pamh, LOG_CRIT, "cannot malloc struct handler #1"); + if ((*handler_p = calloc(1, sizeof(struct handler))) == NULL) { + pam_syslog(pamh, LOG_CRIT, "cannot allocate struct handler #1"); return (PAM_ABORT); } @@ -904,8 +904,6 @@ int _pam_add_handler(pam_handle_t *pamh (*handler_p)->argv = argv; /* not a copy */ if (((*handler_p)->mod_name = extract_modulename(mod_path)) == NULL) return PAM_ABORT; - (*handler_p)->grantor = 0; - (*handler_p)->next = NULL; /* some of the modules have a second calling function */ if (handler_p2) { @@ -914,8 +912,8 @@ int _pam_add_handler(pam_handle_t *pamh handler_p2 = &((*handler_p2)->next); } - if ((*handler_p2 = malloc(sizeof(struct handler))) == NULL) { - pam_syslog(pamh, LOG_CRIT, "cannot malloc struct handler #2"); + if ((*handler_p2 = calloc(1, sizeof(struct handler))) == NULL) { + pam_syslog(pamh, LOG_CRIT, "cannot allocate struct handler #2"); return (PAM_ABORT); } @@ -933,13 +931,9 @@ int _pam_add_handler(pam_handle_t *pamh return (PAM_ABORT); } memcpy((*handler_p2)->argv, argv, argvlen); - } else { - (*handler_p2)->argv = NULL; /* no arguments */ } if (((*handler_p2)->mod_name = extract_modulename(mod_path)) == NULL) return PAM_ABORT; - (*handler_p2)->grantor = 0; - (*handler_p2)->next = NULL; } D(("_pam_add_handler: returning successfully")); |